REMARKS 

Claims 6-46 were pending at last examination. Claims 6-9, 31-39, and 43-45 
have been amended. No claims have been added. No claims were cancelled. 

S Examiner Interview 

Applicant wishes to thank Examiner for the courtesy of a telephone interview 
on January 11, 2007, in which Applicant and Examiner discussed the difference 
between a virtual local area network (VLAN) switch and a network machine with 
multiple virtual routers. No conclusions of patentability were made in this interview. 

Claim Rejections - 35 USC 1 12 
Claims 29 and 33 stand rejected under 35 USC 1 12 second paragraph as being 
indefinite for failing to particularly point out and distinctly claim the subject matter 
which applicant regards as the invention. Applicant respectfully submits that claims 
29 and 33, as amended, satisfy the requirements of 35 U.S.C § 1 12, second paragraph 
and respectfully requests the withdrawal of the rejection of the claims under § 1 12. 

Rejections under 35 USC § 103(a) 

Applicant's claims 6-30 have been rejected under 35 U.S.C. § 103(a) as being 
obvious over U.S. Patent No. 5,825,772 issued to Dobbins et al. in view of Cisco et al 
("Radius Commands"). Applicant does not admit Dobbins is prior art and reserves the 
right to swear behind the reference at a later date. 

Dobbins discloses virtual local area network (VLAN) switches that switch traffic 
within a VLAN switch domain (col. 1, lines 60-63). A VLAN is a network domain where 
users appear to be on the same local area network (LAN) segment, even though may be 
geographically separated (col. 1, lines 60-63). Each VLAN switch forwards a packet 
based on the packet's source and destination MAC address (col. 4, lines 32-35) and a 
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local directory (Fig. 3, col. 9, lines 42-45). The local directory contains switch forwarding 
information for the multiple domains in one file, for example, VLAN "red", "blue", 
"default" are listed in the local cache switch table (Fig. 3b, col. 10, lines 27-40). Thus, a 
single VLAN switch can switch traffic belonging to multiple VLAN domains. 

Each switch in the domain maintains a "virtual directory" which contains 
complete mappings of all known users within the domain (col. 3 lines 60-67 thru col. 4 
lines 1-9). The switched domain also allows interconnectivity between legacy networks 
through the use of "virtual router agents" (col. 6, lines 35-38). The virtual router agents 
process the route and service advertisements they receive from multi-protocol routers and 
servers attached to the switch (col. 6, lines 35-40). The switch summarizes and collapses 
the external networks, routes, and services to only the "best" routes in order to provide a 
best path to a network or server outside of the switched domain (col. 6, lines 40-46). 
Dobbins also describes a switch using Address Resolution Protocol (ARP) to resolve 
physical hardware addresses that are located remotely from the switch. In addition, each 
of Dobbins' "virtual router agents" process only one protocol. For example, the "virtual 
router agent" is the secure fast routing service that performs a discovery and resolve 
service co-located on the VLAN switch (col. 20, lines 62-65). Separate secure fast routing 
service processes DP and IPX routing announcements (col. 21, lines 16-17). 

Nonetheless, these router agents do not forward data for a unique domain, but 
merely provide reachability information to the switch engine (col. 6, lines 40-42). 
Furthermore, the "virtual router agent" of Dobbins does not correspond to a unique 
network domain, but are rather correspond to a particular routing protocol. Dobbins does 
not disclose any type of virtualized machine. 

Radius Commands discloses configuring a router to transmit all outgoing 
RADIUS commands through a specific router interface (Radius Commands, p.l). For 
example, Radius Commands describes configuring a router to transmit all outgoing 
RADIUS commands through a specific router interface (Radius Commands, p.l). As 
another example, Radius Commands describes setting authentication and encryption keys 
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for all RADIUS communications between a router and the RADIUS daemon (Radius 
Commands, p. 2). 

Applicant respectfully submits that Dobbins and Radius Commands do not teach 
or suggest Applicant's claims. In particular, Dobbins discloses a single VLAN switch that 
switches data within multiple network domains. Dobbins' "virtual router agents" process 
routing service announcements for a particular routing protocol. Finally, Radius 
Commands merely discloses configuring a router to transmit all outgoing RADIUS 
commands through a specific router interface. Therefore, neither Dobbins nor Radius 
Command teach or suggest one virtual router out of a plurality of virtual routers on a 
single network device that forwards data within a unique network domain . Nor does 
either reference disclose multiple virtual routers each having a separate network database 
that include control information used to forward data within a respective network domain . 

For example, claims 6, 8, and 10, as amended, require . . at least one virtual 
router in the memory, said at least one virtual router including a network interface, 
wherein the at least one virtual router is associated to an unique network domain, the at 
least one virtual router forwards data within the unique network domain and the at least 
one virtual router is one of a plurality of virtual routers in the memory ..." 

Furthermore, claim 18, as amended, requires, . . providing a network device 
including an electronic memory encoded with a first virtual router which includes at 
least one first network interface and with a second virtual router which includes at 
least one second network interface , wherein the first virtual router is coupled to a first 
network domain, and the second virtual router is coupled to a second network domain 
. . . binding the at least one first network interface to the at least one first sub-interface 
data structure, wherein the first virtual router forwards data within the first network 
domain through the first network interface ; and binding the at least one second 
network interface to the at least one second sub-interface data structure, wherein the 
second virtual router forwards data within the second network domain through the 
second network interface." 
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Claims 24 and 29, as amended, require . . memory encoded with multiple 
respective virtual routers , each of said respective virtual routers including a separate 
respective network database which includes respective control information to forward 
data within a respective network domain , said each of respective virtual routers 
respectively each including at least one respective network interface for the respective 
network domain ..." 

Claim 31, as amended, requires ". . . wherein the at least one virtual bridge is 
associated to an unique network domain , the at least one virtual bridge forwards data 
within the unique network domain and the at least one virtual bridge is one of a 
plurality of virtual bridges in the memory . . .". 

Claims 33 requires . . a first virtual router comprising a network interface and 
a first database , to instantiate a second virtual router comprising a network interface 
and a second database , and to bind with a data structure the first virtual router network 
interface to the first physical interface, wherein the first virtual router routes packets 
according to the first database within a first network domain through the first virtual 
router network interface and the first physical interface , and wherein the second virtual 
router routes packets according to the second database within a second network 
domain ." 

Claim 35 requires ". . .to instantiate a first virtual router comprising a network 
interface and a first database , to instantiate a second virtual router comprising a 
network interface and a second database , and to bind with a data structure the first 
virtual router network interface to a first virtual circuit, wherein the first virtual router 
routes packets according to the first database within a first network domain through 
the first virtual router network interface and the first virtual circuit , and wherein the 
second virtual router routes packets according to the second database within a second 
network domain ." 

Claim 37 requires . .to instantiate a first virtual bridge comprising a network 
interface and a first database , to instantiate a second virtual bridge comprising a 
network interface and a second database , and to bind with a data structure the first 
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virtual bridge network interface to a first virtual circuit, wherein the first virtual bridge 
switches packets according to the first database within a first network domain through 
the first virtual bridge network interface and the first virtual circuit , and wherein the 
second virtual bridge switches packets according to the second database within a 
second network domain ." 

Claim 39, as amended, requires " instantiate a plurality of virtual network 
machines , wherein the plurality of virtual network machines are virtually independent 
but share a set of physical resources within the single network device , wherein each of 
the plurality of virtual network machines is one of a virtual router and a virtual bridge , 
and wherein each of the plurality of virtual network machines belong to a different 
network domain , receive subscriber records associated with the plurality of 
subscribers, wherein each of the plurality of subscribers are associated with a virtual 
circuit on one of the first plurality of ports, wherein each of the first and second 
plurality of ports is associated with one or more sub-interfaces, and wherein each of 
the virtual circuits is associated with one of the sub- interfaces associated with the one 
of the first plurality of ports that the virtual circuit is on, and dynamically bind a set of 
one or more network interfaces of each of the virtual network machines to a set of one 
or more of the sub-interfaces, such that each of the virtual circuits is communicatively 
coupled with one of said plurality of virtual network machines based on the subscriber 
record of the subscriber associated with that virtual circuit and such that at least some 
of the virtual network machines are communicatively coupled to one of the second 
plurality of ports , wherein the bindings are represented with a plurality of data 
structures." 

Claim 47 requires " instantiate a plurality of virtual network machines to 
forward the plurality of information flows through the single network device , wherein 
the plurality of virtual network machines are virtually independent but share a set of 
physical resources within the single network device , wherein each of the plurality of 
virtual network machines is one of a virtual router and a virtual bridge , wherein the 
plurality of virtual network machines belong to different network domains with 
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accounting for different administrative authorities , wherein each of the virtual network 
machines include one or more network interfaces, and wherein each of the plurality of 
ports is associated with one or more sub-interface data structures, and 
dynamically bind, with a plurality of binding data structures, the network interfaces of 
each of the virtual network machines to different ones of the sub-interface data 
structures to couple each of the plurality of information flows to a currently 
appropriate one of the plurality of virtual network machines based on current 
authorization of that information flow , and wherein the bindings are dynamic based on 
a change in the authorization of each of the plurality of information flows." 

The above quoted limitations are not described or suggested by Dobbins or 
Radius Commands. While there are various uses for the invention as claimed, several 
such uses are discussed in Figure 13, p. 16, lines 13-32; and p. 17, lines 18-23. Thus, 
while the invention is not limited to the uses discussed in these paragraphs, it should 
be understood that Dobbin and Radius Commands does not enable these uses and the 
above quoted limitations do. 

For at least these reasons, Applicant respectfully submits that the independent 
claims are allowable. The Applicant respectfully submits that the dependant claims 
are allowable for at least the reason that they are dependent on an allowable 
independent claim. 
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SUMMARY 



Applicant respectfully submits that the rejections have been overcome by the 
amendments and remarks, and that the Claims as amended are now in condition for 
allowance. Accordingly, Applicant respectfully requests the rejections be withdrawn and 
the Claims as amended be allowed. 

Invitation for a telephone interview 
The Examiner is invited to call the undersigned at 408-720-8300 (Pacific Time) 
if there remains any issue with allowance of this case. 



Charge our Deposit Account 
Please charge any shortage to our Deposit Account No. 02-2666. 



Respectfully submitted, 



BLAKELY, SOKOLOFF, TAYLOR & ZAFMAN LLP 



Date: 
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, 2007 




Eric S. Replogle 
Reg. No. 52,161 



12400 Wilshire Boulevard 



Seventh Floor 



Los Angeles, California 90025-1026 
(408) 720-8300 
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